[Bug 3122] New: New Include functionality does not work as documented
bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 18 21:46:12 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3122
Bug ID: 3122
Summary: New Include functionality does not work as documented
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: grazzolini at archlinux.org
I have been trying to use the new Include functionality to expand an
sshd configuration in order to add a snippet of config that matches to
a user and use a custom AuthorizedKeysCommand to validate the ssh keys.

If I use the include functionality like this:

    Include /etc/ssh/ssh.d/*

And on the /etc/ssh/ssh.d directory I have a config file like this:

    Match User <user>
    PasswordAuthentication no
    AuthorizedKeysCommand <command> "%t" "%k"
    AuthorizedKeysCommandUser <user>
    AcceptEnv <some var>

It doesn't work. sshd -t tells me the syntax is valid and, when I run
sshd with -ddd I see the file getting parsed and loaded, but, when
trying to log in it operates as if the AuthorizedKeysCommand isn't
there.

On the other hand, if I do something like this:

    Match User <user>
    Include /etc/ssh/ssh.d/*

And on the /etc/ssh/ssh.d directory I have a config file like this:

    PasswordAuthentication no
    AuthorizedKeysCommand <command> "%t" "%k"
    AuthorizedKeysCommandUser <user>
    AcceptEnv <some var>

It does work.

It also works if I do something like dropping the Match from the main
config file:

    Include /etc/ssh/ssh.d/*

Which leads me to conclude that the usage of Match on an included
configuration file does not work.
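Added example, not part of the bug report or of OpenSSH: because `sshd -t` accepted both layouts, comparing the per-user settings printed by `sshd -T -C user=...` against the directives the Match block is meant to enforce is a closer test of whether the hardening applies. The command path, user names and sample dumps are constructed, and it is an assumption that the dump mirrors what the daemon applies at login.

```python
import subprocess

# Directives the Match block should enforce. Constructed values: the report
# elides the real command and user names.
EXPECTED = {
    "passwordauthentication": {"no"},
    "authorizedkeyscommand": {'/usr/local/bin/fetch-keys "%t" "%k"'},
    "authorizedkeyscommanduser": {"keyfetch"},
}

def parse_dump(text):
    """Parse `sshd -T` output: one lowercase keyword plus value per line.
    Keywords printed more than once (e.g. acceptenv) accumulate in a set."""
    effective = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword:
            effective.setdefault(keyword.lower(), set()).add(value.strip())
    return effective

def find_drift(dump_text, expected=EXPECTED):
    """Return {keyword: (wanted, reported)} for each expected directive whose
    reported value differs; an empty dict means the Match block took effect."""
    effective = parse_dump(dump_text)
    return {
        keyword: (sorted(want), sorted(effective.get(keyword, set())))
        for keyword, want in expected.items()
        if effective.get(keyword, set()) != want
    }

def dump_for_user(user, config="/etc/ssh/sshd_config"):
    """Ask sshd (normally as root) which settings it would apply to `user`."""
    spec = f"user={user},host=localhost,addr=127.0.0.1"
    result = subprocess.run(["sshd", "-T", "-f", config, "-C", spec],
                            check=True, capture_output=True, text=True)
    return result.stdout

# Constructed dumps: the first as if the Match block applied, the second as if
# it was skipped and the global defaults stayed in force.
MATCH_APPLIED = """passwordauthentication no
authorizedkeyscommand /usr/local/bin/fetch-keys "%t" "%k"
authorizedkeyscommanduser keyfetch
acceptenv LANG
"""
MATCH_SKIPPED = """passwordauthentication yes
authorizedkeyscommand none
authorizedkeyscommanduser none
"""

if __name__ == "__main__":
    for name, dump in (("applied", MATCH_APPLIED), ("skipped", MATCH_SKIPPED)):
        print(name, find_drift(dump) or "no drift")
```

On a live host, feed `dump_for_user("<user>")` to `find_drift` after every change to the included files and treat any non-empty result as a failed deployment.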